package com.adingxiong.security.springsecurity.filter;

import com.adingxiong.security.springsecurity.controller.TestController;
import com.adingxiong.security.springsecurity.entity.ImageCode;
import com.adingxiong.security.springsecurity.exception.ValidateCodeException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.social.connect.web.HttpSessionSessionStrategy;
import org.springframework.social.connect.web.SessionStrategy;
import org.springframework.stereotype.Component;

import org.springframework.util.StringUtils;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @ClassName ValidateCodeFilter
 * @Description TODO
 * @Author xiongchao
 * @Date 2020/10/16 16:19
 **/
@Component
public class ValidateCodeFilter extends OncePerRequestFilter {

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if("/login".equalsIgnoreCase(httpServletRequest.getRequestURI()) && "post".equalsIgnoreCase(httpServletRequest.getMethod())){
            try {
                ServletWebRequest servletWebRequest = new ServletWebRequest(httpServletRequest);
                ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(new ServletWebRequest(httpServletRequest), TestController.SESSION_KEY);
                String codeInRequest = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "imageCode");

                if (StringUtils.isEmpty(codeInRequest)) {
                    throw new ValidateCodeException("验证码不能为空！");
                }
                if (codeInSession == null) {
                    throw new ValidateCodeException("验证码不存在！");
                }
                if (codeInSession.isExpire()) {
                    sessionStrategy.removeAttribute(servletWebRequest, TestController.SESSION_KEY);
                    throw new ValidateCodeException("验证码已过期！");
                }
                if (!codeInRequest.equalsIgnoreCase(codeInSession.getCode())) {
                    throw new ValidateCodeException("验证码不正确！");
                }
                sessionStrategy.removeAttribute(servletWebRequest, TestController.SESSION_KEY);
            }
            catch (ValidateCodeException  e){

                return;
            }
        }
        filterChain.doFilter(httpServletRequest,httpServletResponse);
    }
}
